How to ensure cashless customer payments are secure

Even the smallest independent restaurants, hotels, and pubs can tangibly improve their bottom line by taking card payments – simply by encouraging impulse purchases. It can also set your business apart from the competition. Put yourself in your punters’ shoes: if you have no cash in your wallet and the choice for lunch is between two perfectly decent eateries – one that takes cards and one that requires a detour to a cash point – which would you choose?

Whether your hotel, restaurant or pub is already set up for card payments or you’re still thinking about it, doing your homework to ensure your customers’ payments are secure, at the point of sale or over the phone, is crucial.

Choosing a merchant account​

First things first, should you wish to accept debit or credit card payments from customers you need a merchant account. This allows you to process credit and debit cards as your standard business account cannot offer this facility. A merchant account works as a link between your Chip & PIN card machine or EPOS system and your business account. When a customer payment is put through, it is processed through the merchant account.

When choosing a merchant account, you can take steps to protect your customers by making sure the merchant complies with the Payment Card Industry (PCI) Data Security Standards - a global security initiative designed to prevent fraud by protecting cardholder details.

Keeping data safe​

Your customers depend on you to keep their information safe. Compliance with data security standards has major benefits to businesses of all sizes, while failure to comply could have serious financial and reputational consequences. So if you’ve already got card payments enabled, make sure your provider is PCI DSS compliant. If you haven’t, pick a provider that is.

If your business would benefit from online payments – probably most relevant to hotels – this is straightforward to set up. Regardless of what type of website you have, you should be able to easily accept card payments online using a hosted payment page. All you need is an internet merchant account and a business bank account to where your funds can be transferred.

PCI DSS​

However, you can’t ignore the PCI DSS. It’s a business’s responsibility to ensure cardholder information is properly protected and small businesses are more susceptible to fraud as they tend to have less sophisticated security in place.

You can make yourself compliant by filling in a self-assessment form on the PCI Security Standards Council website and proving that you meet 12 key requirements, or you can use an online PCI portal to guide you through the process.

Payment evolution​

The payment industry continues to evolve. A survey by payyourway.org.uk reviewing consumer expectations of the future shows 42% of Brits believe they won’t need a purse or wallet in 2025. And the UK’s Card Association published a report showing that card payments in the UK are expected to almost double from 9.9 billion in 2012 to 17.3 billion in 2022. Meanwhile, the technology behind mobile payments is advancing. That’s why it’s so important to make sure your business is set up for secure cashless payments now.